Claims 



WHAT IS CLAIMED IS: 



1 1. A method to manage secure communications, comprising: 

2 establishing a secure session on a secure site with an external client that 

3 communicates from an insecure site; 

4 detecting access attempts during the session directed to potentially insecure 

5 transactions; and 

6 transparently managing the access attempts by inspecting the access attempts 

7 before making them available to the external client. 

1 2. The method of claim 1 wherein the detecting further includes translating 

2 non-secure links into secure links for the insecure transactions before presenting 

3 results of the access attempts to the external client. 

1 3. The method of claim 1 further comprising: 

2 identifying the potentially insecure transactions as attempts by the external 

3 client to view a World-Wide Web (WWW) browser page having insecure Hypertext 

4 Transfer Protocol (HTTP) reference links or File Transfer Protocol (FTP) reference 

5 links embedded therein, and wherein the reference links reside within the secure 

6 site; and 

7 suppressing normally occurring security warning messages associated with 

8 the reference links, preventing the external client from viewing the security warning 

9 messages. 

1 4. The method of claim 1 further comprising: 

2 identifying the potentially insecure transactions as attempts by the external 

3 client to activate one or more external reference links from a World-Wide Web 

4 (WWW) browser page, wherein the external reference links are associated with 

5 external sites not controlled by the secure session and not secure; and 
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6 using a proxy on behalf of the external client during the secure session in 

7 order to access the external sites and making transactions with the external sites 

8 appear secure to the external client during the secure session. 

1 5. The method of claim 1 further comprising: 

2 identifying the potentially insecure transactions as attempts by the external 

3 client to activate one or more external reference links from a World-Wide Web 

4 (WWW) browser page, wherein the external reference links are associated with 

5 external sites not controlled by the secure session; 

6 inspecting content or metadata of the content associated with the external 

7 reference links in advance of providing the external reference links to the external 

8 client; and 

9 taking zero or more actions based on the inspection before the external 

10 reference links are visible, if at all, to the external client during the secure session. 

1 6. The method of claim 5 wherein the taking of the zero or more actions further 

2 includes at least one action that is at least one or more of: 

3 permitting normally occurring security warnings to present messages to the 

4 external client by taking no action; 

5 removing the external reference links from a browser page that originally 

6 included the reference links before presenting the browser page to the external 

7 client, thereby preventing external client access to the external reference links; 

8 generating for and displaying to a custom warning message that is presented 

9 to the external client; 

10 issuing alerts, notifications, or advisories to a monitoring entity or log; and 

1 1 determining the external reference links are low-risk to or trusted by the 

12 secure site and thereby suppressing normally occurring security warnings from 

13 being presented to the external client. 

1 7. The method of claim 5 wherein the inspecting the content further includes 

2 using a proxy on behalf of the external client during the secure session for 
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3 performing the inspecting. 

1 8. A method to manage secure communications, comprising: 

2 detecting potentially insecure transactions occurring during a secure session, 

3 wherein the insecure transactions result from actions requested by an external client 

4 participating in the secure session; 

5 inspecting the potentially insecure transactions in advance of satisfying the 

6 actions requested; and 

7 making a determination for at least one of the following: permitting the 

8 insecure transactions to proceed unmodified by performing the actions requested for 

9 the external client, permitting the insecure transactions to proceed in a modified 
10 fashion, and denying the insecure transactions by denying the actions requested. 

1 9. The method of claim 8 wherein the inspecting further includes, identifying 

2 the potentially insecure transactions as a request by the external client to access a 

3 World-Wide Web (WWW) browser page having embedded reference links to other 

4 browser pages that reside within an environment of the secure session, wherein the 

5 reference links are modified in order to suppress normally occurring security 

6 warning messages when the browser page is presented to the external client. 

1 10. The method of claim 9 wherein the making a determination further includes, 

2 permitting the insecure transactions to proceed in the modified fashion by changing 

3 the reference links from Hypertext Transfer Protocol (HTTP) insecure links to 

4 HTTP over Secure Sockets Layer (HTTPS) in order to suppress the security 

5 warning messages. 

1 11. The method of claim 8 wherein the inspecting further includes, identifying 

2 the potentially insecure requests as an external client access attempt to reference an 

3 external site outside the control of the secure session. 
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1 12. The method of claim 1 1 wherein the making a determination further includes 

2 permitting the insecure transactions to proceed unmodified by permitting normally 

3 occurring security warnings to be presented to the client before satisfying the 

4 external client access attempt to reference the external site. 

1 13. The method of claim 1 1 wherein the making a determination further includes 

2 permitting the insecure transactions to proceed in a modified fashion by 

3 transparently processing the external client access attempt within a proxy making 

4 the external client access attempt appear to be part of the secure session. 

1 14. The method of claim 1 1 wherein the making a determination further includes 

2 denying the insecure transactions after determining that the external client access 

3 attempt is corrupted and notifying the external client of the denial. 

1 15. The method of claim 1 1 wherein the making a determination further includes 

2 denying the insecure transactions after determining that the external client access 

3 attempt is corrupted and logging information about the external client access 

4 attempt. 

1 16. A secure communications management system, comprising: 

2 a secure communications manager that manages a secure session with an 

3 external client associated with an insecure site; and 

4 a proxy that interacts with the secure communications manager in order to 

5 inspect potentially insecure communications requested by the external client during 

6 the secure session, and wherein the proxy selectively processes the potentially 

7 insecure communications on behalf of the external client within the secure session. 

1 17. The secure communications management system of claim 16 wherein the 

2 secure communications manager translates Hypertext Transfer Protocol (HTTP) 

3 insecure communications into HTTP over Secure Sockets Layer (HTTPS) secure 

4 communications during the secure session. 
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1 18. The secure communications management system of claim 16 wherein the 

2 proxy selectively modifies a number of the potentially insecure communications and 

3 permits them to proceed thereby suppressing normally occurring security warning 

4 messages that the secure communications manager issues. 

1 19. The secure communications management system of claim 16 wherein the 

2 proxy selectively leaves a number of the potentially insecure communications 

3 unchanged and permits secure communications manager to issue security warning 

4 messages to the external client. 

1 20. The secure communications management system of claim 16 wherein the 

2 proxy selectively denies a number of the potentially insecure communications to 

3 proceed and at performs at least one of reports the denial to another entity and 

4 records the denial in a log. 

1 21 . The secure communications management system of claim 16, wherein the 

2 proxy selectively issues custom warning messages or explanations to the external 

3 client regarding a number of the potentially insecure communications. 

1 22. A secure communications management system, comprising: 

2 a secure session; and 

3 secure reference links accessible within the secure session; and 

4 potentially insecure reference links accessible from the secure session; 

5 wherein an external client associated with an external site establishes the 

6 secure session with a secure site, the external client references the secure reference 

7 links and the potentially insecure reference links during the secure session, and 

8 wherein the potentially insecure reference links are inspected and modified in 

9 advance of being made available to the external client during the secure session. 
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1 23. The secure communications management system of claim 22 further 

2 comprising a proxy that inspects and modifies the potentially insecure reference 

3 links in advance of making them available to the external client during the secure 

4 session. 

1 24. The secure communications management system of claim 22 wherein the 

2 secure session is represented within a Word- Wide Web (WWW) browser that the 

3 external client uses for interacting with the secure site. 

1 25. The secure communications management system of claim 22 wherein the 

2 potentially insecure reference links are transparently modified into a number of the 

3 secure reference links before being made available to the external client during the 

4 secure session. 

1 26. The secure communications management system of claim 22 wherein a 

2 number of the potentially insecure reference links are processed by a proxy on 

3 behalf of the external client and appear to the external client to be a number of the 

4 secure reference links. 

1 27. The secure communications management system of claim 22 wherein 

2 normally occurring security warning messages associated with a number of the 

3 potentially insecure reference links are suppressed and not visible to the external 

4 client during the secure session. 

1 28. The secure communications management system of claim 22 wherein a 

2 number of the potentially insecure reference links are not made available to the 

3 external client during the secure session. 

4 29. The secure communications management system of claim 22 wherein a 

5 number of the potentially insecure reference links generate notifications to external 

6 entities. 
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30. The secure communications management system of claim 22 wherein a 
number of the potentially insecure reference links generate written messages to a 
security log. 
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